Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea

May 24, 2024, 8:29 a.m.

Description

An investigation by Bitdefender Labs uncovered a previously unidentified cyber threat actor called Unfading Sea Haze. This group has systematically targeted high-level organizations across countries in the South China Sea region. The extensive analysis spanned several years, revealing their evolving tactics, malware arsenal, and ongoing persistence. The primary objective appears to be espionage, with a focus on data exfiltration and surveillance of military and government entities. Unfading Sea Haze employs a sophisticated array of custom malware tools, including variants of the Gh0st RAT family and techniques like DLL sideloading. Their recent shift towards modular, fileless payloads showcases their adaptability in evading detection.

Date

Published: May 24, 2024, 8:21 a.m.

Created: May 24, 2024, 8:21 a.m.

Modified: May 24, 2024, 8:29 a.m.

Indicators

Attack Patterns

SilentGh0st

TranslucentGh0st

SharpJSHandler

Unfading Sea Haze

T1155

T1197

T1137

T1136

T1548

T1480

T1497

T1598

T1486

T1070

T1105

T1083

T1071

T1219

T1134

T1498

T1560

T1053

T1090

T1059